Newcastle University, neighbouring Northumbria hit by ransomware attacks

Doppelpaymer gang publishes Geordie institution's stolen files online

11 Reg comments Got Tips?

A cyber attack at Newcastle University has turned out to be a ransomware infection courtesy of the Doppelpaymer gang.

Hackers have posted a small sample of files from the gang on a leaks website, a tactic increasingly used by ransomware criminals to pressure victims into paying up.

The university said in a statement on its website that it would take “several weeks” to repair its systems from the ransomware attack, which was discovered on 30 August.

“Many IT services are not operating and will remain that way for the duration. IT services that are operating may need to be taken down without notice. Colleagues may lose access to their IT accounts without notice and they may not be re-enabled quickly. NUIT may need access to any IT system you keep or use,” said a terse bullet-pointed list.

Powerpoint, Office365 and teams were still accessible, it said.

Newcastle University said that investigators, as well as police and other agencies, are looking into the attacks.

Students are due to begin the new academic year on 28 September, giving the university’s hard-working IT department just under three weeks to get everything back up and running. Current students and staff are already being warned that university systems could revert to a backup taken on 4 September.

“Almost 100 per cent of cyber attacks require human interaction to be successful,” opined email security firm Proofpoint’s Adenike Cosgrove. “That same human interaction can also bring about failure. Universities should ensure that all staff and students are aware of basic security hygiene and the mechanics of common threats. This awareness training must be in context. All users must know how they are likely to encounter an attack and the role they play in defending against it.”

Similar badness up the road

Northumbria University, which is located in Newcastle but not part of that city’s eponymous further education institution, also confessed in late August that it had fallen victim to a “cyber incident”.

An email sent in the name of Professor Peter Francis, Northumbria’s deputy vice-chancellor, informed students of “significant operational disruption to the university.”

In the 31 August message, seen by The Register, the prof said: “Since we became aware of the incident, we engaged a group of dedicated, external specialists who launched an investigation and also took immediate action in order to mitigate the impact. We have also informed the ICO (Information Commissioner’s Office) on a precautionary basis, as well as Northumbria Police, and other regulatory bodies as appropriate.”

A man holding a mug of coffee

Northumbria Uni fined £400K after boffin's bad math gives students a near-killer caffeine high

READ MORE

Exams were cancelled and the university’s clearing hotline for matching students with last-minute course offers also went down, according to the BBC.

A Reg reader and Northumbria student who did not wish to be named castigated the university for not coming out earlier and admitting to the cyber attack, telling us that on 28 August the university had merely advised students not to log into campus systems.

“Having previously been in charge of major incident communications for a large telecommunications company utilising ITIL Major Incident Management best practices, I must say I’m shocked and appalled at how untransparent and untimely Northumbria University are in regards to what appears to be a major breach of students’ and staff data,” said our reader.

The university said in a statement: "The investigation is still at an early stage and we are currently assessing the scope of the incident," adding that students with deadlines to meet would be given extra time for their coursework and exams. ®


Biting the hand that feeds IT © 1998–2020